Local or allowed recipient:
Check the address given as RCPT. Is it a local address or is it an address for which we relay?
If yes: the mail is accepted, i.e., no error is generated. (This is the case: external to internal.)
If no: go to the next step.

Local or authorized sender:
Check the IP number (${client_addr}) or the name (${client_name}) of the host which tries to send e-mail through this system. Is it a local system?
If yes: it can do whatever it wants. (This is the case: internal to external or internal to internal.)
If no: an error is generated, relaying is denied.

Detecting whether the recipient address is local isn't an easy task because there are many ways to specify an address. sendmail considers all elements of class $=w as local, so these are allowed by default. However, it isn't sufficient to check whether an address ends in an element of this class, since this can be fooled, e.g., <user%remote.site@local.site>. Hence the ruleset remove_local (repeatedly) removes the local domain part of an address. If there is still some domain part left after this process, it is considered a relay attempt.

In addition to class $=w, a $={RelayTo} class can be used to specify allowed recipient domains or individual hosts (enabled by HACK(use_relayto)). Allowing relaying to other systems than local ones has some problems.

The address of the recipient is listed as to= in the sendmail logfile, or as arg1= if check_rcpt denied the operation.

As already said, the address of the sender is determined by ${client_addr} or ${client_name}; it is not based on the envelope MAIL FROM address! Hence check_rcpt cannot be fooled by giving a false MAIL FROM address; it doesn't check this address at all (unless some feature (8.8 HACKs: _ALLOW_SOME_, 8.9: relay_local_from) is explicitly defined).

Which hosts you consider as local with respect to sending e-mail through your system is listed in classes $={LocalIP} (for ${client_addr}, enabled by HACK(use_ip)) or $={LocalNames} (for ${client_name}, enabled by HACK(use_names)), respectively. This IP address is listed as relay= in the sendmail logfile. If both HACKs are used, it is a logical OR condition: the client IP address must be in $={LocalIP}, or the client name must be in $={LocalNames}.

However, the use of separate classes allows finer control. Even though it might not be necessary in common cases, someone would have asked for this feature (judging from the number of available options).
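
The two checks described above (repeated removal of the local domain from the RCPT address, then the OR test on the connecting host), modelled in Python as an added example; it is not part of the original page and not sendmail's own ruleset code. The class contents are constructed sample values, and prefix matching for $={LocalIP} and subdomain matching for $={LocalNames} are simplifying assumptions.

```python
# Model of the two check_rcpt decisions. All class contents are constructed.
CLASS_W = {"local.site", "mail.local.site"}   # stands in for $=w
RELAY_TO = {"partner.example"}                # stands in for $={RelayTo}
LOCAL_IP = ("192.0.2.",)                      # stands in for $={LocalIP}
LOCAL_NAMES = ("local.site",)                 # stands in for $={LocalNames}


def remove_local(addr):
    """Repeatedly strip a trailing local domain and return what is left."""
    addr = addr.strip().strip("<>").lower()
    while "@" in addr:
        user, _, domain = addr.rpartition("@")
        if domain.rstrip(".") not in CLASS_W:
            return addr  # a non-local domain part remains
        # Local domain removed: a '%' in the rest names the next hop,
        # so rewrite user%host to user@host and test it again.
        left, sep, right = user.rpartition("%")
        addr = left + "@" + right if sep else user
    return addr


def recipient_allowed(rcpt):
    """Step 1: local recipient, or a domain we explicitly relay to."""
    rest = remove_local(rcpt)
    if "@" not in rest:
        return True
    return rest.rpartition("@")[2].rstrip(".") in RELAY_TO


def sender_is_local(client_addr, client_name):
    """Step 2: logical OR of the IP class and the name class."""
    by_ip = client_addr.startswith(LOCAL_IP)  # assumed: prefix match
    name = client_name.lower().rstrip(".")
    # Assumed: a name matches its own entry or any subdomain of it.
    by_name = any(name == n or name.endswith("." + n) for n in LOCAL_NAMES)
    return by_ip or by_name


def check_rcpt(rcpt, client_addr, client_name):
    """The envelope MAIL FROM address is deliberately not an input."""
    if recipient_allowed(rcpt) or sender_is_local(client_addr, client_name):
        return "OK"
    return "DENY: relaying denied"
```
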